.TH "shc" "1" "January 14, 2019" "shc user manual" ""
.SH NAME
.PP
shc \- Generic shell script compiler
.SH SYNOPSIS
.PP
\f[B]shc\f[] [ \-e \f[I]date\f[] ] [ \-m \f[I]addr\f[] ] [ \-i
\f[I]iopt\f[] ] [ \-x \f[I]cmnd\f[] ] [ \-l \f[I]lopt\f[] ] [ \-o
\f[I]outfile\f[] ] [ \-ABCDhUHvSr ] \-f \f[I]script\f[]
.SH DESCRIPTION
.PP
\f[B]shc\f[] creates a stripped binary executable version of the script
specified with \f[C]\-f\f[] on the command line.
.PP
The binary version will get a \f[C]\&.x\f[] extension appended by
default if \f[I]outfile\f[] is not defined with [\-o \f[I]outfile\f[]]
option and will usually be a bit larger in size than the original ascii
code.
Generated C source code is saved in a file with the extension
\f[C]\&.x.c\f[] or in a file specified with appropriate option.
.PP
If you supply an expiration date with the \f[C]\-e\f[] option, the
compiled binary will refuse to run after the date specified.
The message \f[B]Please contact your provider\f[] will be displayed
instead.
This message can be changed with the \f[C]\-m\f[] option.
.PP
You can compile any kind of shell script, but you need to supply valid
\f[C]\-i\f[], \f[C]\-x\f[] and \f[C]\-l\f[] options.
.PP
The compiled binary will still be dependent on the shell specified in
the first line of the shell code (i.e.
\f[C]#!/bin/sh\f[]), thus \f[B]shc\f[] does not create completely
independent binaries.
.PP
\f[B]shc\f[] itself is not a compiler such as cc, it rather encodes and
encrypts a shell script and generates C source code with the added
expiration capability.
It then uses the system compiler to compile a stripped binary which
behaves exactly like the original script.
Upon execution, the compiled binary will decrypt and execute the code
with the shell \f[C]\-c\f[] option.
Unfortunately, it will not give you any speed improvement as a real C
program would.
.PP
\f[B]shc\f[]\[aq]s main purpose is to protect your shell scripts from
modification or inspection.
You can use it if you wish to distribute your scripts but don\[aq]t want
them to be easily readable by other people.
.SH OPTIONS
.PP
\-e \f[I]date\f[] : Expiration date in \f[I]dd/mm/yyyy\f[] format
\f[C][none]\f[]
.PP
\-m \f[I]message\f[] : message to display upon expiration
\f[C]["Please\ contact\ your\ provider"]\f[]
.PP
\-f \f[I]script_name\f[] : File path of the script to compile
.PP
\-i \f[I]inline_option\f[] : Inline option for the shell interpreter
i.e: \f[C]\-e\f[]
.PP
\-x \f[I]command\f[] : eXec command, as a printf format i.e:
\f[C]exec(\\\\\[aq]%s\\\\\[aq],\@ARGV);\f[]
.PP
\-l \f[I]last_option\f[] : Last shell option i.e: \f[C]\-\-\f[]
.PP
\-o \f[I]outfile\f[] : output to the file specified by outfile
.PP
\-r : Relax security.
Make a redistributable binary which executes on different systems
running the same operating system.
You can release your binary with this option for others to use
.PP
\-v : Verbose compilation
.PP
\-S : Switch ON setuid for root callable programs [OFF]
.PP
\-D : Switch on debug exec calls
.PP
\-U : Make binary to be untraceable (using \f[I]strace\f[],
\f[I]ptrace\f[], \f[I]truss\f[], etc.)
.PP
\-H : Hardening.
Extra security flag without root access requirement that protects
against dumping, code injection, \f[C]cat\ /proc/pid/cmdline\f[],
ptrace, etc..
This feature is \f[B]experimental\f[] and may not work on all systems.
it require bourne shell (sh) scripts
any positional parameters.
.PP
\-C : Display license and exit
.PP
\-A : Display abstract and exit
.PP
\-B : Compile for BusyBox
.PP
\-h : Display help and exit
.SH ENVIRONMENT VARIABLES
.PP
CC : C compiler command \f[C][cc]\f[]
.PP
CFLAGS : C compiler flags \f[C][none]\f[]
.PP
LDFLAGS : Linker flags \f[C][none]\f[]
.SH EXAMPLES
.PP
Compile a script which can be run on other systems with the trace option
enabled (without \f[C]\-U\f[] flag):
.IP
.nf
\f[C]
shc\ \-f\ myscript\ \-o\ mybinary
\f[]
.fi
.PP
Compile an untraceable binary:
.IP
.nf
\f[C]
shc\ \-Uf\ myscript\ \-o\ mybinary
\f[]
.fi
.PP
Compile an untraceable binary that doesn\[aq]t require root access
(experimental):
.IP
.nf
\f[C]
shc\ \-Hf\ myscript\ \-o\ mybinary
\f[]
.fi
.SH LIMITATIONS
.PP
The maximum size of the script that could be executed once compiled is
limited by the operating system configuration parameter
\f[C]_SC_ARG_MAX\f[] (see sysconf(2))
.SH AUTHORS
.PP
Francisco Rosales <frosal@fi.upm.es>
.PP
intika <intika@librefox.org>
.PP
Md Jahidul Hamid <jahidulhamid@yahoo.com>
.SH REPORT BUGS TO
.PP
<https://github.com/neurobin/shc/issues>
